Cyber Attacks Up for Public and Private Review

Cyber attacks are on the rise, according to a range of sources around the globe, with everyone from the White House Office of Management and Budget (OMB) to the UK-based BBC News this week surveying the cyber landscape to determine how best to handle a hack.

In a newly released annual report to Congress, the OMB offered up its assessment of cybersecurity at the federal level – and the results showed mixed reviews.

The report, issued under the Federal Information Security Management Act (FISMA), addressed the strengths and weaknesses of federal cybersecurity for the Fiscal Year (FY) 2011, touting a list of accomplishments and proposing plans to overcome obstacles.

Noting that the United States Computer Emergency Readiness Team (US-CERT) receives security incident reports from federal, state and local governments, as well as commercial enterprises, US citizens and international cyber organizations, the OMB reported that the US-CERT processed 107,655 incidents in FY 2011.

Though the figure was only up slightly from the 107,439 reports filed with the US-CERT in 2010, the OMB said that the number of cyber attacks targeting the federal government had increased by nearly five percent in the course of one year.

Including phishing, viruses, Trojans, worms, malicious websites, policy violations, suspicious network activities and social engineering issues on the US-CERT’s list of reported cyber incidents, the OMB said malicious codes continue to be the most widely reported cause of cyber attacks and hacking attempts against the federal government.

However, the OMB noted that “significant progress” was made in 2011 towards enhancing the government’s cyber capabilities to fend off potential attacks. Citing the US information breach spurred by WikiLeaks, the OMB said all 24 federal agencies now have privacy policies in place to protect data. The report also pointed out that the government is working to encrypt all of its laptops and portable devices to ensure that federal information is further secure, as more government employees take up teleworking to cut costs.

And speaking of costs, what was the bill for federal cybersecurity in FY 2011? $13.3 billion, according to the report, with the Department of Defense topping the chart, spending over $10 billion of the cyber budget. The United States Agency for International Development (USAID) spent the least on cybersecurity out of all 24 government agencies in 2011, cashing out in low millions.

But beyond the dollar amounts, cybersecurity is costing organizations headaches and stress, as well. And the UK’s BBC News may be feeling just that after announcing this week that it had fallen victim to a “sophisticated cyber attack.”

The hit came just one month after the BBC’s Director-General Mark Thompson blogged about his suspicion that the government of Iran was conducting “repeated jamming of international TV stations such as BBC Persian TV, preventing the Iranian people from accessing a vital source of free information.”

“I don’t want to go into any more detail about these incidents except to say that we are taking every step we can, as we always do, to ensure that this vital service continues to reach the people who need it,” Thompson said in a statement.

So while the OMB has provided its cyber report for public review, it looks like we’ll have to wait to see what happens as the BBC assesses its attack behind closed doors.